Toll Group still recovering from ransomware attack

By Dylan Bushell-Embling
Wednesday, 13 May, 2020

Australian logistics company Toll Group has been forced to shut down some core IT systems after falling victim to a ransomware attack for a second time this year.

The attack on 5 May has been confirmed as the work of the new Nefilim ransomware, part of a new wave of “double extortion” ransomware attacks in which data is both encrypted and exfiltrated to the attackers, who threaten to publish it online if the victim does not pay the ransom.

Toll Group has announced that it securely reactivated its core IT systems as of 7 May, but that a number of customer-facing applications remained offline as of 11 May. The restoration work is expected to continue throughout this week.

The attack has caused delays in some parts of the network, but Toll has switched to taking bookings over the phone via its call centres, and freight shipments and parcel deliveries are moving “by and large” as normal.

Meanwhile, Toll has revealed it has no intention of paying any ransom, and despite Nefilim’s typical methodology, the company has no evidence to date that any data was exfiltrated from its network.

“We continue to prioritise the movement of essential items including medical and healthcare supplies,” Toll Group’s latest update states. “Email access has been restored for Toll employees who operate on our cloud-based platforms.”

Toll Group added that it is continuing to support its large enterprise customers whose services are affected by the disruption to Toll’s online operations.

The company is working with the Australian Cyber Security Centre (ACSC) to investigate and resolve the incident.

The Nefilim ransomware is commonly distributed through exposed remote desktop protocol (RDP) ports, and uses AES-128 encryption to encrypt a victim’s files.
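Since exposed RDP is the initial-access vector the article attributes to Nefilim, the corresponding defensive check is an audit of inbound rules for TCP 3389 reachable from non-internal addresses. The following is an added example written for this article, not code from Toll Group, the ACSC or any Nefilim analysis; the rule format and the sample rule set are constructed, and the audit deliberately ignores rule ordering and deny precedence (a real firewall or cloud security-group evaluation would have to model those).

```python
"""Flag firewall / security-group style rules that allow RDP (TCP 3389)
from addresses outside internal ranges. Added example; the Rule shape
and SAMPLE_RULES below are constructed for illustration."""
import ipaddress
from dataclasses import dataclass

RDP_PORT = 3389

# Ranges treated as "internal": RFC 1918, loopback, link-local and
# their IPv6 counterparts. Everything else counts as internet-reachable.
INTERNAL_RANGES = [ipaddress.ip_network(c) for c in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "127.0.0.0/8", "169.254.0.0/16",
    "fc00::/7", "fe80::/10", "::1/128",
)]


@dataclass(frozen=True)
class Rule:
    name: str
    protocol: str   # "tcp", "udp" or "any"
    port_from: int  # inclusive port range
    port_to: int
    source: str     # source CIDR
    action: str     # "allow" or "deny"


def is_internal_source(cidr: str) -> bool:
    """True only if the whole source range sits inside one internal range.
    Note: ipaddress.is_private/is_global are not used on purpose, because
    0.0.0.0/0 is reported as private by the stdlib (both ends are reserved)."""
    net = ipaddress.ip_network(cidr, strict=False)
    return any(net.version == r.version and net.subnet_of(r)
               for r in INTERNAL_RANGES)


def rule_exposes_rdp(rule: Rule) -> bool:
    """Allow rule, TCP (or any), port range covering 3389, non-internal source."""
    if rule.action != "allow":
        return False
    if rule.protocol not in ("tcp", "any"):
        return False
    if not (rule.port_from <= RDP_PORT <= rule.port_to):
        return False
    return not is_internal_source(rule.source)


def find_exposed_rdp(rules) -> list:
    """Return names of rules that expose RDP to non-internal sources."""
    return [r.name for r in rules if rule_exposes_rdp(r)]


# Constructed sample rule set (not from any real environment).
SAMPLE_RULES = [
    Rule("rdp-from-anywhere", "tcp", 3389, 3389, "0.0.0.0/0", "allow"),
    Rule("rdp-from-vpn", "tcp", 3389, 3389, "10.8.0.0/16", "allow"),
    Rule("all-ports-from-contractor", "any", 0, 65535, "203.0.113.0/24", "allow"),
    Rule("deny-rdp-public", "tcp", 3389, 3389, "0.0.0.0/0", "deny"),
    Rule("https-public", "tcp", 443, 443, "0.0.0.0/0", "allow"),
    Rule("rdp-v6-anywhere", "tcp", 3389, 3389, "::/0", "allow"),
]

if __name__ == "__main__":
    for name in find_exposed_rdp(SAMPLE_RULES):
        print(f"RDP exposed to non-internal source by rule: {name}")
```

The wide-port rule from a single public /24 is flagged as well as the obvious 0.0.0.0/0 entries, which is the case that tends to slip through manual review: an "allow everything from the contractor's IP" rule still puts RDP on an address the organisation does not control. The expected remediation in each case is the same, namely putting RDP behind a VPN or bastion so the allow source becomes an internal range.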

Toll Group was forced to pull its systems offline in January after falling victim to a major ransomware attack involving the Mailto ransomware.

While at the time ACSC said there was no evidence the attack was part of a broader campaign, rival Henning Harders also suffered a ransomware attack in March.
